Defining Digital Trust

Trust is a thorny topic.  You and I might agree that trust is essential—from human relationships, to business transactions, to simply driving down the street—and yet we might disagree about, or be unable to clearly articulate, how to build it.  When author Alexander Chee realizes that, despite understanding the importance of trust, he’d never really learned a process to determine whether he could trust someone, he is floored: “I spent a fair amount of time amazed that anyone had ever let me out of my house.  I felt like a child who has run away with the family car, driving it successfully before finally crashing it into a tree.”1

This is both humorous and sobering, especially in the context of today’s digital world: if we struggle to build trusted human relationships, we are also now charged with building trusted digital relationships.  And models of human trust don’t exactly translate to this machine-scale age, to consumers jaded by what has been dubbed a “post-truth era,” where their own personal data has been affected by numerous security breaches and privacy infringements.2

Clearly, consumers are unable to trust how their data is used and abused online.  Investigating traditional models of trust to help businesses make successful digital transformations reveals the challenge of scale between human and digital models of trust almost immediately.  The mathematics of Dunbar’s Number, the limited number of stable, trusted relationships that can be maintained by human models of trust—150 relationships, to be precise—is eclipsed by the average number of social media connections.  And Dunbar’s Number is patently untenable for enterprise organizations, many of whom rely on an average number of 1,500 third-party technology providers.3

Industry analysts at Gartner acknowledge that “trust underpins every interaction, but traditional trust models do not scale to the scope, spontaneity and agency required in digital business.”4  In related research, Gartner analysts write: “It is said that trust takes years to build, seconds to break and forever to repair. Digital trust on the other hand, takes an instant to build, an instant to break and is continuously adaptive.”5  Continuing their analysis, “Gartner defines digital trust as measurable confidence in the distinct expectation that:

  • A person, business, thing or other entity is who or what it claims to be.
  • It can represent itself or be faithfully represented by another entity.
  • It is able to fully participate in digital interactions and consents to do so.
  • It does so in a truthful, predictable, reliable, secure, safe, ethical and privacy-respecting manner.”5

Ionic agrees there is a spontaneity to digital transactions, where trust between myself and an online retailer must be established instantly, even if we’ve never connected before.  And the scope—the ‘chain of trust’ between many entities—required for this simple purchase is exponential when compared to traditional supply chain models.  This is because digital transactions allow the transference of agency from individuals to things and algorithms performing tasks on their behalf.  However, understanding the identity of the user at each step—whether human or machine—is but one piece of the puzzle: The identity of the data and the context of the request must also be evaluated in real time.  Trust must be evaluated at every step along the digital chain; otherwise, we simply introduce more and more risk factors into each equation.

Gartner analysts provide several Strategic Planning Assumptions:

  • “Through 2020, organizations that actively promote digital trust will be able to participate in 20% more digital ecosystems and will be able to attract and retain 40% more customers than those that don’t.
  • By 2019, evaluating the trustworthiness of connections will become a top five CEO business priority.” 5

Unlike human trust, digital trust must be quantifiable.  At Ionic, we live by the motto “in math we trust,” which stands for the cryptographic rigor behind Machina.  We focus our energy on the data, since, in digital transactions, that’s the risk.  It’s the common denominator of what gets stolen, what impacts reputations, and what harms consumers.  It’s also what accelerates the collaboration and innovation that leads to success.  Ionic Security defines data trust as the intersection of security, privacy, accountability, and integrity, which answers several fundamental questions: Should I have access to this data?  Am I using the data appropriately?  Is there visibility to ensure that I’ve used this data appropriately?  And finally, am I confident that this data is accurate?6

Ionic Machina answers these questions programmatically and seamlessly across the many silos where data resides.

  • Security is addressed by a key management service that can autonomously handle trillions of key requests at internet scale, support real-time management of company-defined digital relationships, and provide the flexibility to assign each data element with a unique 256-bit key.
  • Privacy is built by default and by design into the policy orchestration layer that considers both roles and attributes to determine whether to release a key, or permit or restrict certain subsequent actions: Each time a request is made, Machina policy considers not just the identity of the requestor, but the state of the data, and the state of the request itself, such as whether the request was initiated from a non-managed device. Granting access to the appropriate data is as simple as a yes or no decision, and unlike traditional solutions, Ionic persists security with the data, so that the data owner always retains the ability to change access rights no matter where the data goes.
  • Accountability is driven by the visibility provided by the many pre-configured reports included in the Machina Dashboard, and also in the open and extensible Machina APIs that allow organizations to correlate and display digital transactions in the application of their choosing.  These APIs allow the export of all Machina logs to analytics and reporting tools of choice to enrich their overall security event and information management capabilities.
  • Integrity is inherent in the encryption and decryption methodologies Ionic uses, storing data protection keys as ciphertext at rest and replicating them synchronously and asynchronously so that no key is ever lost.  The keys themselves are wrapped and delivered using the AES-GCM symmetric encryption standard whenever data passes from one source to another, and at each decryption point, a check can be done to ensure the message received is the one sent.
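
The policy-gated key release and AES-GCM key wrapping described in the bullets above can be illustrated generically with Node.js's built-in crypto module. This is an added example, not Ionic's code or the Machina API; the function names, request fields, element ids and the policy rule are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical yes/no policy: restricted data is released only to an analyst
// on a managed device (identity + data state + request state).
function allow(req) {
  if (req.dataClass !== 'restricted') return true;
  return req.role === 'analyst' && req.managedDevice === true;
}

// Wrap one data element's 256-bit key under a key-encryption key with
// AES-256-GCM. The key id is bound as associated data, so a wrapped key
// cannot be re-labelled as belonging to another element.
function wrapKey(kek, dataKey, keyId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per wrap
  const c = crypto.createCipheriv('aes-256-gcm', kek, iv);
  c.setAAD(Buffer.from(keyId));
  const ct = Buffer.concat([c.update(dataKey), c.final()]);
  return { keyId, iv, ct, tag: c.getAuthTag() };
}

// Policy first, then unwrap. final() throws if the GCM tag does not verify.
function releaseKey(req, kek, wrapped) {
  if (!allow(req)) return { ok: false, reason: 'policy-denied' };
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', kek, wrapped.iv);
    d.setAAD(Buffer.from(wrapped.keyId));
    d.setAuthTag(wrapped.tag);
    return { ok: true, key: Buffer.concat([d.update(wrapped.ct), d.final()]) };
  } catch (err) {
    return { ok: false, reason: 'integrity-check-failed' };
  }
}

// Constructed sample data: random keys and made-up element ids.
function demo() {
  const kek = crypto.randomBytes(32);
  const dataKey = crypto.randomBytes(32);
  const wrapped = wrapKey(kek, dataKey, 'element-0001');
  const managed = { role: 'analyst', dataClass: 'restricted', managedDevice: true };
  const tampered = { ...wrapped, ct: Buffer.from(wrapped.ct) };
  tampered.ct[0] ^= 0x01; // single flipped bit in transit
  return {
    granted: releaseKey(managed, kek, wrapped).key.equals(dataKey),
    unmanaged: releaseKey({ ...managed, managedDevice: false }, kek, wrapped).reason,
    tampered: releaseKey(managed, kek, tampered).reason,
    relabelled: releaseKey(managed, kek, { ...wrapped, keyId: 'element-0002' }).reason,
  };
}

console.log(demo());
```

The same request succeeds or fails purely on the device state, and both a flipped ciphertext bit and a swapped key id are rejected by the GCM tag check rather than yielding a wrong key.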

In many ways, the digital world, without understanding how to transact with fidelity, has crashed the car into a tree.  In the absence of absolute truth, trust—Machina—becomes our insulation, protecting us from yet another security hack or breach of privacy.

  1. Medium, A Delicate Bargain of Trust, Alexander Chee
  2. The Washington Post, ‘Post-truth’ named 2016 word of the year by Oxford Dictionaries, Amy B. Wang
  3. Ionic Security, Trust, Re-imagined, Adam Ghetti
  4. Gartner, Digital Trust — Redefining Trust for the Digital Era: A Gartner Trend Insight Report, Felix Gaehtgens, Ant Allan. 31 May 2017.
  5. Gartner, Definition: Digital Trust, Felix Gaehtgens, Ant Allan, Monica Zlotogorski, Frank Buytendijk.  24 May 2017.
  6. Ionic Security, Enabling Innovation and Trust in Atlanta, Adam Ghetti